Even relatively casual users who load up on browser tabs and inefficient Electron apps (household names like Slack, Teams, Discord, etc.) can find performance compromised by running out of RAM.

Gosh, if the Reddit community would have the same outrage towards that, as to the base model being 8GB, we would be in a better world. The increasing demands in productivity apps and in games due to shitty code is just ridiculous.

And it really sucks for consumers, because if this negative trend won’t stop, your new 16GB RAM MacBook will be EoL in a few years. Unlike your old 2013 that you could use for almost a decade.

Why would you leave PermitRootLogin to yes? Doesn’t really matter, if root ca nit login anyways?!

Just like you don’t really need UFW, not really harmful and for piece of mind :)

But to be honest, I am no expert either. I look at your config and think, just leave everything at default besides these twos:

PubkeyAuthentication yes PasswordAuthentication no

Things like

MaxAuthTries 3

don’t matter for public key auth.

PermitRootLogin I would set to yes.

sudo systemctl restart ssh will only restart your ssh client and not the ssh server you try to restart. Use sshd insted.

I personally find it easier to use no root during setup and import my ssh keys from github using ssh-import-id.

UFW doesn’t harm, but if the host is on your Proxmox Hypervisor, it is probably behind a deny all incoming firewall anyway. That is also why I would leave IPv6 on.

Like other have noted, Crowdsec is a little bit more complex to setup but also offers more features. As a side note, Fail2ban is unfortunatly not IPv6 ready.